Esempio n. 1
/**
 * create a new member and let it become participant of the supplied ballot
 *
 * @param Period  $period
 * @param mixed   $ballot Ballot, true or null
 * @param integer $case
 * @param string  $i
 */
function add_participant(Period $period, $ballot, $case, $i) {
	global $date, $password;

	// NOTE(review): every account created here is marked eligible and verified and receives the one
	// shared global $password; this looks like test-data generation - confirm it can never run
	// against a live member database.
	Login::$member = new Member;
	Login::$member->invite   = Login::generate_token(24);
	Login::$member->eligible = true;
	Login::$member->verified = true;
	Login::$member->create();

	// The username is built from the global $date, the case number, the ballot (its id when an
	// object, otherwise the raw true/null value) and $i.
	$ballot_part = is_object($ballot) ? $ballot->id : $ballot;
	Login::$member->username = "******".$date."c".$case."p".$ballot_part.$i;
	Login::$member->password = $password;
	$columns = ['username', 'password', 'eligible'];

	// Enable this only in local development environment, because it may lead to a lot of notification mails!
	//Login::$member->mail = ERROR_MAIL;
	//$columns[] = "mail";

	Login::$member->update($columns, 'activated=now()');
	Login::$member->update_ngroups([1]);

	// A falsy $ballot (null) means the member makes no selection at all.
	if (!$ballot) return;

	// A Ballot object selects that ballot; any other truthy value selects postal voting.
	if (is_object($ballot)) {
		$period->select_ballot($ballot);
	} else {
		$period->select_postal();
	}
}
Esempio n. 2
	/**
	 * save not yet confirmed mail address and send confirmation request
	 *
	 * @param string  $mail
	 */
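	public function set_mail($mail) {

		// Rate limit: while the lock written after the last successful confirmation mail has not
		// expired, no further confirmation mail is sent.
		if ( strtotime($this->mail_lock_expiry) > time() ) {
			warning(_("We have sent an email with a confirmation code already in the last hour. Please try again later!"));
			redirect();
			// Stop here even if redirect() should return, so the lock cannot be bypassed.
			return;
		}

		// NOTE(review): $mail is stored and used as recipient without any check in this method;
		// presumably the caller validates the address format - confirm.
		$this->mail_unconfirmed = $mail;

		// Generate confirmation codes until one is found that no member row uses yet.
		DB::transaction_start();
		do {
			$this->mail_code = Login::generate_token(16);
			$sql = "SELECT id FROM member WHERE mail_code=".DB::esc($this->mail_code);
		} while ( DB::numrows($sql) );
		// The member has 7 days to confirm the email address.
		$this->update(['mail_unconfirmed', 'mail_code'], "mail_code_expiry = now() + interval '7 days'");
		DB::transaction_commit();

		// The code goes to the new address both as a link parameter and as plain text for manual entry.
		$subject = _("Email confirmation request");
		$body = _("Please confirm your email address by clicking the following link:")."\n"
			.BASE_URL."confirm_mail.php?code=".$this->mail_code."\n\n"
			._("If this link does not work, please open the following URL in your web browser:")."\n"
			.BASE_URL."confirm_mail.php\n"
			._("On that page enter the code:")."\n"
			.$this->mail_code;
		if ( send_mail($mail, $subject, $body) ) {
			// Only a mail that was actually sent starts the one hour lock.
			$this->update(array(), "mail_lock_expiry = now() + interval '1 hour'");
			success(_("Your email address has been saved. An email with a confirmation code has been sent."));
		} else {
			// MAIL_SUPPORT belongs inside sprintf(): it fills the %s placeholder of the message.
			warning(sprintf(_("Your email address has been saved, but the email with the confirmation code could not be sent. Try again later or contact %s."), MAIL_SUPPORT));
		}

		// notification to old mail address, so the owner notices a change made by someone else
		if ($this->mail) {
			$subject = _("Change of your email address");
			$body = _("Someone, probably you, changed your email address to:")."\n"
				.$this->mail_unconfirmed."\n\n"
				._("If this was not you, somebody else got access to your account. In this case please log in as soon as possible and change your password:")."\n"
				.BASE_URL."settings.php\n"
				.sprintf(_("Then try to set the email address back to your one and contact %s!"), MAIL_SUPPORT);
			send_mail($this->mail, $subject, $body);
		}

	}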
Esempio n. 3
/**
 * create a member once
 *
 * @param string  $username
 */
function create_member($username) {
	global $password, $ngroup;

	// Members already created during this run, keyed by the final username.
	static $members = [];

	// make usernames unique
	$username .= " ".$ngroup->id;

	// A repeated call for the same name only switches the current login to the cached member.
	$known = $members[$username] ?? null;
	if ($known !== null) {
		Login::$member = $known;
		return;
	}

	// NOTE(review): the account is created as eligible and verified and gets the shared global
	// $password; presumably test-data generation only - confirm it never runs on a live database.
	Login::$member = new Member;
	Login::$member->invite   = Login::generate_token(24);
	Login::$member->eligible = true;
	Login::$member->verified = true;
	Login::$member->create();
	Login::$member->username = $username;
	Login::$member->password = $password;
	$columns = ['username', 'password', 'eligible'];

	// Enable this only in local development environment, because it will lead to extremely many notification mails!
	//Login::$member->mail = ERROR_MAIL;
	//$columns[] = "mail";

	Login::$member->update($columns, 'activated=now()');
	DB::insert("member_ngroup", ['member'=>Login::$member->id, 'ngroup'=>$ngroup->id]);

	// activate all notifications: one row per interest with every notification type switched on
	foreach ( Notification::$default_settings as $interest => $types ) {
		$row = ['member'=>Login::$member->id, 'interest'=>$interest];
		foreach ( $types as $type => $default ) {
			// the configured default is ignored on purpose, every type is enabled
			$row[$type] = true;
		}
		DB::insert_or_update("notify", $row, ['member', 'interest']);
	}

	$members[$username] = Login::$member;

}
Esempio n. 4
	/**
	 * start online voting
	 *
	 * @param array   $issues
	 */
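	public function start_voting(array $issues) {

		// entitled members of the ngroup
		$sql = "SELECT member.* FROM member
			JOIN member_ngroup ON member.id = member_ngroup.member AND member_ngroup.ngroup=".intval($this->ngroup)."
			WHERE activated IS NOT NULL AND eligible=TRUE AND verified=TRUE";
		$members = DB::fetchobjectarray($sql, "Member");

		// $personal_tokens[member id][issue id] = token mailed to that member only
		// $all_tokens[issue id]                 = every token issued for the issue
		$personal_tokens = array();
		$all_tokens      = array();
		foreach ($issues as $issue) {
			/** @var $issue Issue */

			// generate vote tokens
			$all_tokens[$issue->id] = array();
			foreach ( $members as $member ) {
				// Generate tokens until one is found that is not yet present in vote_token.
				// NOTE(review): the check-then-insert is only safe against concurrent writers if
				// vote_token.token also carries a unique constraint - confirm in the schema.
				DB::transaction_start();
				do {
					$token = Login::generate_token(8);
					$sql = "SELECT token FROM vote_token WHERE token=".DB::esc($token);
				} while ( DB::numrows($sql) );
				$sql = "INSERT INTO vote_token (member, issue, token) VALUES (".intval($member->id).", ".intval($issue->id).", ".DB::esc($token).")";
				DB::query($sql);
				DB::transaction_commit();
				$personal_tokens[$member->id][$issue->id] = $token;
				$all_tokens[$issue->id][]                 = $token;
			}

			$issue->state = "voting";
			$issue->update(["state"], 'voting_started=now()');

		}

		// notification mails
		$subject = sprintf(_("Voting started in period %d"), $this->id);
		$body_top = _("Group").": ".$this->ngroup()->name."\n\n"
			._("Online voting has started on the following proposals").":\n";
		$body_lists = "\n"._("Voting end").": ".datetimeformat($this->counting)
			."\n\n===== "._("Lists of all vote tokens")." =====\n";
		$issues_blocks = array();
		foreach ( $issues as $issue ) {
			// The complete list goes to every member. Tokens were collected in member order, which
			// is the same for every issue, so the list is sorted before publication: otherwise the
			// position of a token would link it to a member and to that member's other tokens.
			$published_tokens = $all_tokens[$issue->id];
			sort($published_tokens, SORT_STRING);
			$body_lists .= "\n"
				._("Issue")." ".$issue->id.":\n"
				.join(", ", $published_tokens)."\n";
			$issues_blocks[$issue->id] = "\n"._("Issue")." ".$issue->id."\n";
			foreach ( $issue->proposals(true) as $proposal ) {
				$issues_blocks[$issue->id] .= _("Proposal")." ".$proposal->id.": ".$proposal->title."\n"
					.BASE_URL."proposal.php?id=".$proposal->id."\n";
			}
		}
		foreach ( $members as $member ) {
			// Members without a mail address have received tokens above but get no notification.
			if (!$member->mail) continue;
			$body = $body_top;
			foreach ( $issues as $issue ) {
				$body .= $issues_blocks[$issue->id]
					._("Vote").": ".BASE_URL."vote.php?issue=".$issue->id."\n"
					._("Your vote token").": ".$personal_tokens[$member->id][$issue->id]."\n";
			}
			$body .= $body_lists;
			// NOTE(review): the personal token travels in the mail body; the fingerprint argument
			// presumably lets send_mail() encrypt for members who registered a key - confirm.
			send_mail($member->mail, $subject, $body, array(), $member->fingerprint);
		}

	}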
Esempio n. 5
	/**
	 * create a unique token for the member and the current issue
	 *
	 * @param string  $table  database table
	 * @param Member  $member
	 * @return string
	 */
	private function create_unique_token($table, Member $member) {
		// NOTE(review): $table is concatenated into both statements unescaped, so it must only ever
		// be a table name fixed in the calling code, never request data - confirm at the call sites.
		DB::transaction_start();

		// Generate tokens until one is found that the table does not contain yet.
		while (true) {
			$token  = Login::generate_token(8);
			$lookup = "SELECT token FROM ".$table." WHERE token=".DB::esc($token);
			if ( !DB::numrows($lookup) ) break;
		}

		// Member and issue ids are forced to integers, the token goes through DB::esc().
		$insert = "INSERT INTO ".$table." (member, issue, token) VALUES ("
			.intval($member->id).", ".intval($this->id).", ".DB::esc($token).")";
		DB::query($insert);
		DB::transaction_commit();

		return $token;
	}
Esempio n. 6
 * @author Magnus Rosenbaum <*****@*****.**>
 * @package Basisentscheid
 */


require "inc/common_http.php";

Login::logout();


if ($action) {
	switch ($action) {
	case "create":

		$member = new Member;
		$member->invite = Login::generate_token(24);
		$member->eligible = true;
		$member->verified = true;
		$member->create();

		// become member of ngroups
		if (!empty($_POST['ngroups'])) {
			foreach ( $_POST['ngroups'] as $ngroup ) {
				$ngroup_int = intval($ngroup);
				if (!$ngroup_int or $ngroup_int!=$ngroup) continue;
				DB::insert("member_ngroup", array('member'=>$member->id, 'ngroup'=>$ngroup_int));
			}
		}

		redirect("register.php?invite=".$member->invite);
		action_required_parameters('username');

		if (!$_POST['username']) break;

		$sql = "SELECT * FROM member
	        WHERE username="******"
			AND ( password_reset_code IS NULL OR password_reset_code_expiry < now() )";
		$result = DB::query($sql);
		if ( $member = DB::fetch_object($result, "Member") ) {

			if (!$member->mail) {
				warning(sprintf(_("Sorry, but there is no confirmed email address for this account. Please contact %s!"), MAIL_SUPPORT), true);
				break;
			}

			$member->password_reset_code = Login::generate_token(24);
			if ( ! $member->update(['password_reset_code'], "password_reset_code_expiry = now() + interval '1 day'") ) {
				warning(sprintf(_("The generated code could not be saved. Please try again or contact %s!"), MAIL_SUPPORT), true);
				break;
			}

			$subject = _("Password reset request");

			$body = sprintf(_("Hello %s!"), $member->username)."\n\n"
				._("To reset your password please click on the following link:")."\n"
				.BASE_URL."reset_password.php?code=".$member->password_reset_code."\n\n"
				._("If this link does not work, please open the following URL in your web browser:")."\n"
				.BASE_URL."reset_password.php\n"
				._("On that page please enter the code:")."\n"
				.$member->password_reset_code."\n\n"
				._("This code is only valid for one day.");